<!DOCTYPE html>
<html>
<head>
<title>This page should only allow subframes from the same origin or b.com</title>
</head>
<body>
This page should only allow subframes from the same origin or from b.com,
because its CSP headers specify frame-src 'self' and 'b.com'.
<iframe src="/cross-site/b.com/title2.html"></iframe>
<iframe srcdoc="
  <html>
    <head>
      <title>subtitle1</title>
    </head>
    <body>
      <iframe src='/cross-site/b.com/title2.html'></iframe>
    </body>
  </html>"></iframe>
</body>
</html>

